Skip to Content

Keeping Pacemakers Safe from Hackers

Communicating with ultrasound could help make implantable medical devices safe from attack.
November 10, 2009

Manufacturers have started adding wireless capabilities to many implantable medical devices, including pacemakers and cardioverter defibrillators. This allows doctors to access vital information and send commands to these devices quickly, but security researchers have raised concerns that it could also make them vulnerable to attack.

Listening up: Researchers implanted a medical device in the abdominal wall of a cow to test a new authentication system.

Researchers from the Swiss Federal Institute of Technology in Zurich and the French National Institute for Research in Computer Science and Control have now developed a scheme for protecting implantable medical devices against wireless attacks. The approach relies on using ultrasound waves to determine the exact distance between a medical device and the wireless reader attempting to communicate with it.

The potential risks of enabling radio communication in implantable medical devices were first highlighted by Kevin Fu, an assistant professor of computer science at the University of Massachusetts, Amherst, and Tadayoshi Kohno, an assistant professor of computer science at the University of Washington. They showed how to glean personal information from such a device, how to drain its batteries remotely, and how to make it malfunction in dangerous ways. The two researchers stress that the threat is minimal now, but argue that it is vital to find ways to protect wireless medical devices before malicious users discover and exploit vulnerabilities.

Since Fu and Kohno went public with their work, other researchers have begun looking for ways to address this problem. Claude Castelluccia, a senior research scientist at the French National Institute who was involved with designing the new access-control system, says that any scheme designed to protect medical devices has to balance preventing unauthorized access with ease of use for medical staff.

Castelluccia and his colleagues came up with the idea of restricting access to implantable medical devices depending on the physical proximity of the communicating device. Under their plan, a device will always be accessible from up to 10 meters away, and will normally enforce a series of authentication steps before allowing access. In an emergency, however, when the device detects that the patient using it is in trouble, it will grant access to anyone who is physically close to the patient (within about three centimeters).

Other researchers have suggested requiring wireless reading devices to be physically close to an implant in order to access it. But Castelluccia says that attackers can get around this by using a strong radio transmitter to mimic close proximity. To solve this issue, his plan calls for ultrasound waves to be used in addition to radio signals–the speed of sound allows the device to calculate with confidence how far away the reader is.

Castelluccia says the device only needs a microphone in order to detect the ultrasound and that he doesn’t expect the protocol to consume much power–a key concern with an implantable medical device because it’s hard to replace the battery. Because the device won’t respond to requests that come from outside the predetermined distance, it would also be harder for an attacker to wear down the battery by forcing it to process one request after another.

Kohno says the work being presented this week is promising, but argues that researchers have so far only scratched the surface of medical-device security. He argues that any solutions will require extensive testing in conjunction with medical professionals. “If for some reason this component had a problem, the consequences could be very serious,” he says.

But Castelluccia believes the protocol is mature enough to begin moving toward deployment. His group has built and tested a prototype system, and has patented the technology. It’s currently talking with manufacturers about developing a prototype.

Keep Reading

Most Popular

conceptual illustration of a heart with an arrow going in on one side and a cursor coming out on the other
conceptual illustration of a heart with an arrow going in on one side and a cursor coming out on the other

Forget dating apps: Here’s how the net’s newest matchmakers help you find love

Fed up with apps, people looking for romance are finding inspiration on Twitter, TikTok—and even email newsletters.

computation concept
computation concept

How AI is reinventing what computers are

Three key ways artificial intelligence is changing what it means to compute.

still from Embodied Intelligence video
still from Embodied Intelligence video

These weird virtual creatures evolve their bodies to solve problems

They show how intelligence and body plans are closely linked—and could unlock AI for robots.

We reviewed three at-home covid tests. The results were mixed.

Over-the-counter coronavirus tests are finally available in the US. Some are more accurate and easier to use than others.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at with a list of newsletters you’d like to receive.